0 votes

We have the Skype for business Basic working correctly in Adaxes. However we need add to the server and grant specific options (screen sharing). We have the script below but it is not working.

$lyncServer = "csfe01.anon.com" # TODO: Modify me

$sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
$session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell `
    -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential

Import-PSSession -session $session

Grant-CsConferencingPolicy -identity "%username%" -PolicyName "Conferencing Enabled" # Assign a Conferencing Policy
#Grant-CsPinPolicy -Identity "%userPrincipalName%" -PolicyName MyPinPolicy # Assign a PIN Policy
#Grant-CsExternalAccessPolicy -Identity "%userPrincipalName%" -PolicyName MyAccessPolicy # Assign an External Access Policy
#Grant-CsArchivingPolicy -Identity "%userPrincipalName%" -PolicyName MyArchivingPolicy # Assign an Archiving Policy
#Grant-CsMobilityPolicy -Identity "%userPrincipalName%" -PolicyName MyMobilityPolicy # Assign a Mobility Policy
#Grant-CsPersistentChatPolicy -Identity "%userPrincipalName%" -PolicyName MyPersistentChatPolicy # Assign a Persistent Chat Policy

Remove-PSSession -Session $session
by (14.5k points)
0

Hello,

We have the script below but it is not working.

Could you send us or post here screenshots of the error messages?

However we need add to the server

Could you specify, what you mean exactly?

0


Screenshot is above.

Could you specify, what you mean exactly

We can add too the server just fine, we need to be able to add a conferencing policy to allow screen sharing to certain users. We were doing this through the custom command option that we posted previously.

1 Answer

0 votes
by (177k points)
selected by
Best answer

Hello,

Thank you for the provided details. We encountered the issue before. It is a bug in Skype for Business. We've already reported it to Microsoft, together with a couple of other users, but have not received any relevant response for them. The issue can occur from time to time, we didn't find any regular pattern. As we found during our tests, when the issue occurs, an attempt to enable the user for Skype once more should succeed.

We have updated your script to work around the issue:

$lyncServer = "csfe01.anon.com" # TODO: Modify me
$connectAttemptCount = 3 # TODO: Modify me

$sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
for ($i = 0; $i -lt $connectAttemptCount; $i++)
{
    try
    {
        $session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell `
            -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential -ErrorAction Stop
        $errorMessage = $NULL
    }
    catch
    {
        $errorMessage = $_.Exception.Message
        continue
    }
}

if ($errorMessage)
{
    $Context.LogMessage("An error occured when creating remote PowerShell session to server '$lyncServer'. Error: $errorMessage", "Error")
    return
}

Import-PSSession -session $session

Grant-CsConferencingPolicy -identity "%username%" -PolicyName "Conferencing Enabled" # Assign a Conferencing Policy
#Grant-CsPinPolicy -Identity "%userPrincipalName%" -PolicyName MyPinPolicy # Assign a PIN Policy
#Grant-CsExternalAccessPolicy -Identity "%userPrincipalName%" -PolicyName MyAccessPolicy # Assign an External Access Policy
#Grant-CsArchivingPolicy -Identity "%userPrincipalName%" -PolicyName MyArchivingPolicy # Assign an Archiving Policy
#Grant-CsMobilityPolicy -Identity "%userPrincipalName%" -PolicyName MyMobilityPolicy # Assign a Mobility Policy
#Grant-CsPersistentChatPolicy -Identity "%userPrincipalName%" -PolicyName MyPersistentChatPolicy # Assign a Persistent Chat Policy

Remove-PSSession -Session $session
0

We updated the script and ran three times and each time received the message below.

0

Hello,

Could you send us or post here a screenshot of your Business Rule configuration? We need something like the following:

Could you specify if the object tutorial had an account in Skype for Business prior to script execution?

How many domain controllers do you have?

0

Screenshot below.
The object Tutorial did not have Skype for Business previously, we can add the built in command for Skype for Business without issue and the removal works as well.
We have 4 domain controllers in our environment.

0

Hello,

As you have 4 DCs the error might be related to synchronization. When you ran the script Skype for Business server connected to a DC that had no information about enabling an account for the user. We updated the script accordingly. If you face the same error again, it will mean that the user does not have an account in Skype for Business.

$lyncServer = "csfe01.anon.com" # TODO: Modify me
$connectAttemptCount = 3 # TODO: Modify me

try
{
    $sessionOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
    for ($i = 0; $i -lt $connectAttemptCount; $i++)
    {
        try
        {
            $session = New-PSSession -ConnectionUri https://$lyncServer/ocspowershell `
                -SessionOption $sessionOptions -Authentication NegotiateWithImplicitCredential -ErrorAction Stop
            $errorMessage = $NULL
        }
        catch
        {
            $errorMessage = $_.Exception.Message
            continue
        }
    }

    if ($errorMessage)
    {
        $Context.LogMessage("An error occured when creating remote PowerShell session to server '$lyncServer'. Error: $errorMessage", "Error")
        return
    }

    # Get domain controller FQDN for the user's domain
    $domainName = $Context.GetObjectDomain("%distinguishedName%")
    $rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $domainControllerFQDN = $rootDSE.Get("dnsHostName")

    Import-PSSession -session $session

    Grant-CsConferencingPolicy -identity "%username%" -PolicyName "Conferencing Enabled" -DomainController $domainControllerFQDN # Assign a Conferencing Policy
    #Grant-CsPinPolicy -Identity "%userPrincipalName%" -PolicyName MyPinPolicy -DomainController $domainControllerFQDN # Assign a PIN Policy
    #Grant-CsExternalAccessPolicy -Identity "%userPrincipalName%" -PolicyName MyAccessPolicy -DomainController $domainControllerFQDN # Assign an External Access Policy
    #Grant-CsArchivingPolicy -Identity "%userPrincipalName%" -PolicyName MyArchivingPolicy -DomainController $domainControllerFQDN # Assign an Archiving Policy
    #Grant-CsMobilityPolicy -Identity "%userPrincipalName%" -PolicyName MyMobilityPolicy -DomainController $domainControllerFQDN # Assign a Mobility Policy
    #Grant-CsPersistentChatPolicy -Identity "%userPrincipalName%" -PolicyName MyPersistentChatPolicy -DomainController $domainControllerFQDN # Assign a Persistent Chat Policy
}
finally
{   
    if ($session) { Remove-PSSession -Session $session }
}
0

Okay thank you, so does the user have to be on the server first and then run this script? Or does this script create if needed and then add the policy as directed?

0

Hello,

so does the user have to be on the server first and then run this script?

Yes, that is correct.

You can enable users for Skype for Business (Lync) using the Enable or disable for Lync action. For information about the action check the Enable or disable for Lync section of the following help article: http://www.adaxes.com/help/?UsingAdmini ... ialog.html.

0

ok, that worked when adding the basic to a user first.

Question, would it work if we made a custom command to adding the Skype first and then ran this script?

0

Hello,

Yes, it should work.

Related questions

0 votes
1 answer

"Connecting to remote server <<FQDN Servername>> failed with the following error message : The server certificate on the destination computer (<<FQDN servername: ... ? This may help to diagnose the issue with schannel on the skype server.

asked Mar 5 by mark.it.admin (3.5k points)
0 votes
1 answer

One of the features I noticed being called out in the 2019 update was the ability to control some Skype for Business attributes for a user. Looking at users in my environment ... can be used to manage online users, what admin roles are required on Office 365?

asked Aug 12, 2019 by blaiseb (510 points)
0 votes
1 answer

Hi! Is there a way to have ADAxess move mailboxes to a new Exchange server/store if the user becomes Skype for Business enabled ? The logic would be something that if the mailbox is ... already are SFB enabled but not moved, but does it one by one .... /Kaj

asked Sep 7, 2017 by KajLehtinen (3k points)
0 votes
1 answer

Hello, I have some AD Groups I would like to exclude from a business unit I'm using. I have standard group names across multiple OUs, some should be a part of the ... than simply having a working exclude query. Any thoughts on how I can get this working?

asked Mar 24, 2016 by drew.tittle (4.5k points)
0 votes
1 answer

Hi Is it possible to get a business rule which calls a custom command powershell script to wait for the script to complete before continuing? Thanks Matt

asked Apr 27, 2017 by chappers77 (3.7k points)
2,181 questions
1,946 answers
5,391 comments
5,200 users